AMENDMENTS TO THE CLAIMS

This listing of claims will replace all prior versions and listings of claims in the application:

LISTING OF CLAIMS: 

1. (Original): A storage system comprising:

a first storage area having an object stored therein; and 

a second storage area having stored therein an object identifier that identifies the object, 
wherein the object identifier is unique within and outside of the storage system. 

2. (Original) The storage system of claim 1, wherein the object identifier is a Universal 
Unique Identifier (UUID). 

3. (Previously Presented) The storage system of claim 1, wherein the first and second 
storage areas are storage areas within a database. 

4. (Original) The storage system of claim 3, wherein the object identifier is a Universal 
Unique Identifier (UUID). 

5. (Original) The storage system of claim 2, wherein the storage system is part of an 
access control system. 

6. (Original): A memory comprising:

a first storage area having an object stored therein; and

a second storage area having stored therein an object identifier that identifies the object, 
wherein the object identifier is unique within and outside of the storage system. 

7. (Original) The memory of claim 6, wherein the object identifier is a Universal Unique 
Identifier (UUID). 

8. (Original) The memory of claim 6, wherein the first and second storage areas are 
storage areas within a database structure. 

9. (Original) The storage system of claim 8, wherein the object identifier is a Universal 
Unique Identifier (UUID). 

10. (Original): A method of storing information in a storage system, comprising: 
storing an object in the storage system; and 

storing an object identifier in the storage system, wherein the object identifier identifies the 
object, and the object identifier is unique within and outside of the storage system. 

11. (Original) The method of claim 10, wherein the object identifier is a Universal
Unique Identifier (UUID).

12. (Original) The method of claim 10, wherein the object is stored in a database.

13. (Original) The method of claim 10, wherein the object identifier is stored in a 
database. 

14. (Original) The method of claim 12, wherein the object identifier is a Universal 
Unique Identifier (UUID). 

15. (Original) The method of claim 13, wherein the object identifier is a Universal 
Unique Identifier (UUID). 

16. (Original) The method of claim 10, wherein the storage system is part of an access 
control system. 

17. (Original) An access control method comprising:

requesting access for a user to a remote resource, wherein the request includes a subject 
identifier for use in making an access control decision, and wherein the subject identifier is 
unique within and outside of the remote resource and identifies the user. 

18. (Original) The access control method of claim 17, wherein the subject identifier is a 
Universal Unique Identifier (UUID).

19. (Original) The access control method of claim 18, wherein the request further
includes a subject descriptor for use in the access control decision. 

20. (Original) The access control method of claim 19, wherein the subject descriptor is a 
UUID for an organizational structure that includes the user. 

21. (Original) The access control method of claim 19, wherein the access control decision 
is made by a resource manager that protects the remote resource, and the request is sent over a 
communications path considered safe by the protecting resource manager and the user. 

22. (Original) A computer-readable medium having computer-executable code stored 
thereon, comprising: 

computer instructions for requesting access for a user to a remote resource, wherein the 
request includes a subject identifier for use in making an access control decision, and wherein the 
subject identifier is unique within and outside of the remote resource and identifies the user. 

23. (Previously Presented) The access control method of claim 22, wherein the subject 
identifier is a Universal Unique Identifier (UUID). 

24. (Original) A method of identifying a user requesting access to an object, comprising:

establishing a secure communication path between a reference monitor protecting the
object and a resource manager having information describing the user, in response to a request 
by the user to access the object; 

sending a request for user information from the protecting reference monitor to the 
resource manager, the request including a subject descriptor for the user, wherein the subject 
identifier is a Universal Unique Identifier (UUID); 

receiving, in response to the request, the user information located based on the subject 
identifier. 

25. (Original) The method of claim 24, further comprising: 

determining, based on the received user information, if the user has permission to access 
the requested object. 

26. (Original) The method of claim 24, wherein the user information includes information 
relating to an organization of which the user is a member. 

27. (Original) An information storage management system, comprising: 
a collection of stored objects; 

an access control unit for determining if a requestor is authorized to access a protected 
object stored in the collection; 

a resource manager connected to the access control unit and to a communications channel;

wherein the resource manager receives a user's request for access to the protected object,
the request including a globally unique identifier for the user requesting the access, and in 
response to the user's request the resource manager sends over the communications channel to an 
external storage management system a request for information about the user, the request 
including the globally unique identifier; and 

wherein the resource manager upon receiving a response including user information 
about the user passes the user information to the access control unit; and based on the user 
information the access control unit determines whether to grant the subject access to the 
protected object. 

28. (Original) The information storage management system of claim 27, wherein the 
globally unique identifier is a Universal Unique Identifier (UUID). 

29. (Original) The information storage management system of claim 27, wherein the user 
information is organization information indicating whether the user is a member of an 
organization. 

30. (Previously Presented) An information storage management system, comprising: 
a collection of stored objects; 

an access control unit for determining if a requestor is authorized to access a protected 
object stored in the collection;

a resource manager connected to the access control unit and to a communications channel;

wherein the resource manager receives a user's request for access to the protected object, 
the request including a globally unique identifier for the user requesting the access, and in 
response to the user's request the resource manager resolves the globally unique identifier to a 
user identifier recognized by an external storage management system; the resource manager 
sending to the external storage management system a request for information about the user, the 
request including the resolved user identifier; and 

wherein the resource manager upon receiving a response including user information 
about the user passes the user information to the access control unit; and based on the user 
information the access control unit determines whether to grant the subject access to the 
protected object. 

31. (Original) The information storage management system of claim 30, wherein the
globally unique identifier is a Universal Unique Identifier (UUID). 

32. (Original) The information storage management system of claim 30, wherein the user 
information is organization information indicating whether the user is a member of an 
organization. 

33. (Original) The information storage management system of claim 30, wherein the 
resource manager resolves the globally unique identifier by using a name server.

34. (Previously Presented) A method of accessing a protected object, comprising:

sending a globally unique identifier for a user to a name resolving device, and receiving
therefrom information about the user; and

sending to a storage management system containing an object a request for access to the 
object, the request including the information about the user. 

35. (Original) The method of claim 34, wherein the globally unique identifier is a 
Universal Unique Identifier (UUID). 

36. (Previously Presented) A computer-readable medium of computer-executable code 
for accessing a protected object, comprising: 

a first set of computer instructions for sending a globally unique identifier for a user to a 
name resolving device, and receiving therefrom information about the user; and

a second set of computer instructions for sending to a storage management system 
containing an object a request for access to the object, the request including the information 
about the user. 

37. (Original) The computer-readable medium of computer-executable code of claim 36, 
wherein the globally unique identifier is a Universal Unique Identifier (UUID).

38. (previously presented) The storage system of claim 1, wherein the object is a database
record describing a user. 

39. (previously presented) The memory of claim 6, wherein the object is a database 
record describing a user. 

40. (previously presented) The method of claim 10, wherein the object is a database 
record describing a user. 

41. (Previously Presented) The access control method of claim 17, wherein the subject 
identifier identifies a database record describing the user, and the database record is stored on a 
local resource physically separate from the remote resource. 

42. (Previously Presented) The access control method of claim 22, wherein the subject 
identifier identifies a database record describing the user, and the database record is stored on a 
local resource physically separate from the remote resource. 

43. (new): The storage system of claim 1, wherein the object contains information 
pertaining to a user accessing a remote resource.

44. (new): The storage system of claim 43, wherein the user accesses data stored in the
remote resource with the object identifier and a requested document identifier. 

45. (new): The storage system of claim 44, wherein the requested document identifier 
identifies a document requested by the user stored in the remote resource. 

46. (new): The storage system of claim 45, wherein an access privilege of the user for 
accessing the remote resource is based on the object. 